feat: Add authentication policies to SDK #2937
Conversation
| const ( | ||
| AuthenticationMethodsAll AuthenticationMethodsOption = "ALL" | ||
| AuthenticationMethodsSaml AuthenticationMethodsOption = "SAML" | ||
| AuthenticationMethodsPassword AuthenticationMethodsOption = "PASSWORD" | ||
| AuthenticationMethodsOauth AuthenticationMethodsOption = "OAUTH" | ||
| AuthenticationMethodsKeyPair AuthenticationMethodsOption = "KEYPAIR" | ||
| ) |
There was a problem hiding this comment.
I wasn't sure how to get a list of an "enum" to work with QueryStruct and I couldn't find an existing pattern. If you have one let me know and I'll use these vs strings. Otherwise, I'll remove these sections.
There was a problem hiding this comment.
You can look at network_rule_def.go (it's for single attribute enums, but a list with specified type should be similar). But I'm guess instead of g.KindOfT you would use g.KindOfTSlice (not sure, but strings are also fine, so you can leave it this way if the approach from network rules wouldn't apply here).
cmonty-paypal
force-pushed
the
add_authentication_policies
branch
from
35dc61b
to
2cb8ee3
Compare
|
Also, is there a way to configure the integration test client with a keypair? If not, I'll create a disposable account and use a password. |
| t.Run("with unsetting a policy", func(t *testing.T) { | ||
| sessionPolicy := "SESSION_POLICY1" | ||
| opts := &AlterUserOptions{ | ||
| name: id, | ||
| Set: &UserSet{ | ||
| SessionPolicy: String(sessionPolicy), | ||
| Unset: &UserUnset{ | ||
| SessionPolicy: Bool(true), | ||
| }, | ||
| } | ||
| assertOptsValidAndSQLEquals(t, opts, "ALTER USER %s UNSET SESSION POLICY", id.FullyQualifiedName()) | ||
| }) |
There was a problem hiding this comment.
This test was incorrect, it was setting a policy instead of unsetting one.
|
Hey @cmonty-paypal. Thanks for the contribution! We will do the review on Monday at the latest (we have a smaller team this week, sorry for the delay.) |
No worries. I still had some work to take care of in this PR. |
cmonty-paypal
force-pushed
the
add_authentication_policies
branch
from
401e8b6
to
379089f
Compare
cmonty-paypal
force-pushed
the
add_authentication_policies
branch
from
15d19dd
to
2b966a3
Compare
| const ( | ||
| AuthenticationMethodsAll AuthenticationMethodsOption = "ALL" | ||
| AuthenticationMethodsSaml AuthenticationMethodsOption = "SAML" | ||
| AuthenticationMethodsPassword AuthenticationMethodsOption = "PASSWORD" | ||
| AuthenticationMethodsOauth AuthenticationMethodsOption = "OAUTH" | ||
| AuthenticationMethodsKeyPair AuthenticationMethodsOption = "KEYPAIR" | ||
| ) |
There was a problem hiding this comment.
You can look at network_rule_def.go (it's for single attribute enums, but a list with specified type should be similar). But I'm guess instead of g.KindOfT you would use g.KindOfTSlice (not sure, but strings are also fine, so you can leave it this way if the approach from network rules wouldn't apply here).
|
Hey @cmonty-paypal 👋 |
@sfc-gh-jcieslak Yes, please do! Sorry I had a bit of travel last week and I'm gonna be out of office next week. I was hoping to get to this tomorrow but if you want to take over, I'm all for it. |
|
No worries, Thank You! We still have to finish some other topics, but we'll get to it as soon as possible. |
| @@ -122,6 +122,16 @@ func TestAccountAlter(t *testing.T) { | |||
| assertOptsValidAndSQLEquals(t, opts, `ALTER ACCOUNT SET SESSION POLICY %s`, id.FullyQualifiedName()) | |||
| }) | |||
|
|
|||
| t.Run("with set authentication policy", func(t *testing.T) { | |||
There was a problem hiding this comment.
the validation tests are missing (validations were updated but no test failed here)
There was a problem hiding this comment.
Addressed in #3068
| import ( | ||
| "context" | ||
|
|
||
| "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk/internal/collections" |
There was a problem hiding this comment.
this was moved to pkg/internal/collections
There was a problem hiding this comment.
Resolved in the follow-up pr
| @@ -44,6 +44,7 @@ var definitionMapping = map[string]*generator.Interface{ | |||
| "cortex_search_services_def.go": sdk.CortexSearchServiceDef, | |||
| "data_metric_function_references_def.go": sdk.DataMetricFunctionReferenceDef, | |||
| "external_volumes_def.go": sdk.ExternalVolumesDef, | |||
| "authentication_policies_def.go": sdk.AuthenticationPoliciesDef, | |||
There was a problem hiding this comment.
Resolved in the follow-up pr
| @@ -267,6 +267,27 @@ func TestInt_AccountAlter(t *testing.T) { | |||
| require.NoError(t, err) | |||
| }) | |||
|
|
|||
| t.Run("set and unset authentication policy", func(t *testing.T) { | |||
There was a problem hiding this comment.
skip this test for now @sfc-gh-jcieslak - can you have multiple authentication policies on the account? if not, it messes with our account setup
There was a problem hiding this comment.
Addressed in this pr, can be resolved right away
|
|
||
| assertAuthenticationPolicy := func(t *testing.T, authenticationPolicy *sdk.AuthenticationPolicy, id sdk.SchemaObjectIdentifier, expectedComment string) { | ||
| t.Helper() | ||
| assert.NotEmpty(t, authenticationPolicy.CreatedOn) |
There was a problem hiding this comment.
please generate assertion in the following change @sfc-gh-jcieslak
There was a problem hiding this comment.
Addressed in #3068
| assert.Contains(t, desc, sdk.AuthenticationPolicyDescription{Property: "MFA_ENROLLMENT", Value: "REQUIRED"}) | ||
| }) | ||
|
|
||
| t.Run("Alter - set comment", func(t *testing.T) { |
There was a problem hiding this comment.
@sfc-gh-jcieslak do we need such granular tests here?
There was a problem hiding this comment.
Addressed in #3068 I merged those tests into one set and unset
sfc-gh-jcieslak
changed the title
## Changes * Addressed comments from #2937 * Fixed failing tests caused by this change * Changed and added multiple tests connected to auth policies * Adjusted a few parts of the SDK implementation (using enums where possible, added a few missing parts, etc.) ## TODO * Mention in #2880 that the SDK for Auth Policies is ready
## Changes * Addressed comments from #2937 * Fixed failing tests caused by this change * Changed and added multiple tests connected to auth policies * Adjusted a few parts of the SDK implementation (using enums where possible, added a few missing parts, etc.) ## TODO * Mention in #2880 that the SDK for Auth Policies is ready
🤖 I have created a release *beep* *boop* --- ## [0.96.0](v0.95.0...v0.96.0) (2024-09-18) Essential GA object readiness for V1: [link](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/v1-preparations/ESSENTIAL_GA_OBJECTS.MD) ([Roadmap reference](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#preparing-essential-ga-objects-for-the-provider-v1)). :exclamation: Migration guide: [v0.95.0 -> v0.96.0](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0950--v0960) ### 🎉 **What's new:** * V1 redesign of resources and data sources * Row access policy ([#3066](#3066)) ([#3063](#3063)) * Resource monitor ([#3052](#3052)) ([#3064](#3064)) * Masking policy ([#3078](#3078)) ([#3083](#3083)) * SDK upgrades * External volume ([#3033](#3033)) * Authentication policy ([#2937](#2937)) ([#3068](#3068)) ([#3061](#3061)) ### 🔧 **Misc** * Clean up old test object helpers ([#3049](#3049)) * Add example of granting role to multiple objects ([#3047](#3047)) * Update readme and objects rework state ([#3046](#3046)) ### 🐛 **Bug fixes:** * Fix model grants ([#3070](#3070)) * Fix database show by and resource logic ([#3055](#3055)) * Fix default secondary roles option import ([#3041](#3041)) * Fix sweepers for warehouse and database ([#3057](#3057)) * Fix views permadiff ([#3079](#3079)) * Update v0.95.0 migration guide ([#3062](#3062)) Co-authored-by: snowflake-release-please[bot] <105954990+snowflake-release-please[bot]@users.noreply.github.com>
Adds Authentication Policy methods to the SDK.
Test Plan
References